The CyberVor gang stole credentials from over 420,000 web and FTP sites through a variety of means. Initially, the group purchased credentials on the black market and used them to send spam and install malicious redirects. Then, returning to the black market, the group acquired data from an enormous botnet that had identified SQL injection vulnerabilities on sites visited by victims. Such vulnerabilities were found on over 400,000 sites.

The attack targeted large and small websites indiscriminately, but Hold Security has not publicly identified any affected sites for legal and ongoing security reasons. The company is expected to present its findings at the Black Hat security conference this week, according to Gigaom.

The Times says attackers have been identified by Hold as fewer than a dozen men in their 20s in South Central Russia. Their servers are in Russia, but the Russian government does not appear to be involved.



One Comment

Now that's horrible to read. But what steps could one take, if there are so many vulnerabilities for the online industry? eBay was a classic example, as there was such a huge, tremendous task before the admin to keep all intact.
